mod_pubcookie -- cross site scripting vulnerability

Details

VuXML ID

91afa94c-c452-11da-8bff-000ae42e9b93

Discovery

2006-03-06

Entry

2006-04-05

Nathan Dors of the Pubcookie Project reports:

Non-persistent XSS vulnerabilities were found in the
Pubcookie Apache module (mod_pubcookie) and ISAPI
filter. These components mishandle untrusted data when
printing responses to the browser. This makes them
vulnerable to carefully crafted requests containing script
or HTML. If an attacker can lure an unsuspecting user to
visit carefully staged content, the attacker can use it to
redirect the user to a vulnerable Pubcookie application
server and attempt to exploit the XSS vulnerabilities.

These vulnerabilities are classified as *high* due to the
nature and purpose of Pubcookie application servers for user
authentication and Web Single Sign-on (SSO). An attacker
who injects malicious script through the vulnerabilities
might steal private Pubcookie data including a user's
authentication assertion ("granting") cookies and
application session cookies.